image
The RSA Distributor of The Year - EMEA - 2012 My employer, COMPUTERLNKS ME, The RSA Distributor in Middle East and Africa has been awarded as "The RSA Distributor of The Year" for the product I manage, RSA - The Security Division of EMC in Middle East and Africa. Read the Full Story
image
The Service Partner of The Year - Kaspersky Lab - 2011 My employer, ValueSYS, Kaspersky Distributor in North Africa has been awarded as "The Service Partner of The Year" for the product I manage, Kaspersky Anti-virus in North Africa. Read the Full Story
image
All Content Under Creative Common License! All Content is under Creative Common License: Attribution - Noncommercial - No Derviative Works 3.0 Unported - to share under conditions Read the Full Story
image
The Most Innovative Partner Award - Kaspersky Lab - 2010 ValueSYS, my employer won the award of "The Most Innovative Partner of 2010" for the product I manage, Kaspersky Anti-virus in North Africa. Read the Full Story
* * * *
image image image image

This article summarizes the fundamentals of LUM - Linux User Management of OES Server - Open Enterprise Server and how to implement it, this is applicable to other Linux Distributions as well.

Fundementals

  • Some Services on Linux require eDirectory users to be Linux Local users to get use of it, such as Novell Samba, ftp, rsh, login and Novell Remote Manager.
  • Linux Users and groups are managed through POSIX standard Accounts.
  • Users and Groups are managed through eDirectory Accounts.
  • LUM enables eDirectory Accounts to be POSIX accounts to enable eDirectory Users access to Linux Server.
  • POSIX Accounts has standard attributes (username, password, uid, gid, Homedirectory, shell, comment)
  • When Users become LUM enabled, PAM make it possible for eDir Users to authenticate to OES Server using LDAP.
  • Services like NCP Server, NSS, iFolder, and other Web Services doesn't require eDir users to be LUM enabled, but have some LUM Requirements.
  • If NCP Volumes point to other partitions than NSS, the user should be LUM enabled to access all features.
  • NSS: If protocols other than NCP access NSS, then eDirectory users should be LUM Enabled.
  • QuickFinder, iFolder, Web Services: These services configured to run as POSIX Accounts, If Services run on NSS volumes all users should be LUM Enabled.
  • Each LUM Enabled user should be associated with a LUM enabled Group. (eDir admin is enabled by default)

Implementation

  • Decide which users will be LUM enabled based on access services through users.
  • Installing all OES servers in the tree prior enabling Users for LUM on Multiple Servers.
  • LUM enabled group associated to the UNIX Config object or individual UNIX Workstation object, must be created before enable users for LUM.
  • LUM enabled group should be associated to UNIX Config object in case of enabled LUM users on multiple OES Servers.
  • Created LUM Enabled users can be Samba enabled during the creation.
  • iManager should be used for password changes for users.

1) Create LUM Enabled Group 

  • Create new group - iManager - LUM Category - Enable Group for LUM
  • Associate the group to UNIX Workstation if users will be LUM enabled on this server only or to UNIX Config object if users are enabled on multiple servers.
  • we can enter multiple UNIX workstation objects for the group, so that, users will be enabled on specific servers.

2) Create Users

  • Create new user - iManager - LUM Category - Enable User for LUM.
  • Enable User for Samba if required.
 
Cheers,
Ashraf Abdelazim
Share on Myspace